{
"AWSTemplateFormatVersion": "2010-09-09",
"Description": "(0003) - This template deploys two Windows Server Failover Clustering (WSFC) and SQL Server 2012 AlwaysOn Availability Group nodes. This template is intended to be installed into an existing VPC that was built using the sample reference architecture titled: \"Implementing Active Directory Domain Services in the AWS Cloud\" **WARNING** This template creates Amazon EC2 Windows instance and related resources. You will be billed for the AWS resources used if you create a stack from this template.",
"Parameters": {
"KeyPairName": {
"Description": "Public/private key pairs allow you to securely connect to your instance after it launches",
"Type": "AWS::EC2::KeyPair::KeyName"
},
"WSFCNode1InstanceType": {
"Description": "Amazon EC2 instance type for the 1st WSFC Node",
"Type": "String",
"Default": "r3.2xlarge",
"AllowedValues": [
"r3.xlarge",
"r3.2xlarge",
"r3.4xlarge"
],
"ConstraintDescription": "Only EBS Optimized instance types r3.xlarge, r3.2xlarge, r3.4xlarge allowed"
},
"WSFCNode2InstanceType": {
"Description": "Amazon EC2 instance type for the 1st WSFC Node",
"Type": "String",
"Default": "r3.2xlarge",
"AllowedValues": [
"r3.xlarge",
"r3.2xlarge",
"r3.4xlarge"
],
"ConstraintDescription": "Only EBS Optimized instance types r3.xlarge, r3.2xlarge, r3.4xlarge allowed"
},
"DomainDNSName": {
"Description": "Fully qualified domain name (FQDN) of the forest root domain e.g. corp.example.com",
"Type": "String",
"Default": "example.com",
"MinLength": "3",
"MaxLength": "25",
"AllowedPattern": "[a-zA-Z0-9\\-]+\\..+"
},
"DomainNetBIOSName": {
"Description": "NetBIOS name of the domain (upto 15 characters) for users of earlier versions of Windows e.g. CORP",
"Type": "String",
"Default": "example",
"MinLength": "1",
"MaxLength": "15",
"AllowedPattern": "[a-zA-Z0-9\\-]+"
},
"WSFCNode1NetBIOSName": {
"Description": "NetBIOS name of the 1st WSFC Node (up to 15 characters)",
"Type": "String",
"Default": "WSFCNode1",
"MinLength": "1",
"MaxLength": "15",
"AllowedPattern": "[a-zA-Z0-9\\-]+"
},
"WSFCNode2NetBIOSName": {
"Description": "NetBIOS name of the 2nd WSFC Node (up to 15 characters)",
"Type": "String",
"Default": "WSFCNode2",
"MinLength": "1",
"MaxLength": "15",
"AllowedPattern": "[a-zA-Z0-9\\-]+"
},
"ADServerNetBIOSName1": {
"Description": "NetBIOS name of the existing Domain Controller in AZ1",
"Type": "String",
"Default": "DC1",
"MinLength": "1",
"MaxLength": "15",
"AllowedPattern": "[a-zA-Z0-9\\-]+"
},
"ADServerNetBIOSName2": {
"Description": "NetBIOS name of the existing Domain Controller in AZ2",
"Type": "String",
"Default": "DC2",
"MinLength": "1",
"MaxLength": "15",
"AllowedPattern": "[a-zA-Z0-9\\-]+"
},
"DomainAdminUser": {
"Description": "User name for the account that will be added as Domain Administrator. This is separate from the default \"Administrator\" account",
"Type": "String",
"Default": "StackAdmin",
"MinLength": "5",
"MaxLength": "25",
"AllowedPattern": "[a-zA-Z0-9]*"
},
"DomainAdminPassword": {
"Description": "Password for the domain admin user. Must be at least 8 characters containing letters, numbers and symbols",
"Type": "String",
"MinLength": "8",
"MaxLength": "32",
"AllowedPattern": "(?=^.{6,255}$)((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*",
"NoEcho": "true"
},
"SQLServiceAccount": {
"Description": "User name for the SQL Server Service Account. This Account is a Domain User.",
"Type": "String",
"Default": "sqlsa",
"MinLength": "5",
"MaxLength": "25",
"AllowedPattern": "[a-zA-Z0-9]*"
},
"SQLServiceAccountPassword": {
"Description": "Password for the SQL Service account. Must be at least 8 characters containing letters, numbers and symbols",
"Type": "String",
"MinLength": "8",
"MaxLength": "32",
"AllowedPattern": "(?=^.{6,255}$)((?=.*\\d)(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[^A-Za-z0-9])(?=.*[a-z])|(?=.*[^A-Za-z0-9])(?=.*[A-Z])(?=.*[a-z])|(?=.*\\d)(?=.*[A-Z])(?=.*[^A-Za-z0-9]))^.*",
"NoEcho": "true"
},
"ADServer1PrivateIp": {
"Description": "Fixed private IP for the first existing Active Directory server located in AZ1",
"Type": "String",
"Default": "10.0.0.10"
},
"ADServer2PrivateIp": {
"Description": "Fixed private IP for the second existing Active Directory serverr located in AZ2",
"Type": "String",
"Default": "10.0.64.10"
},
"WSFCNode1PrivateIp": {
"Description": "Primary private IP for the 1st WSFC Node located in AZ1",
"Type": "String",
"Default": "10.0.0.100"
},
"WSFCNode1PrivateIp2": {
"Description": "Secondary private IP for WSFC cluster on 1st WSFC Node",
"Type": "String",
"Default": "10.0.0.101"
},
"WSFCNode1PrivateIp3": {
"Description": "Third private IP for Availability Group Listner on 1st WSFC Node",
"Type": "String",
"Default": "10.0.0.102"
},
"WSFCNode2PrivateIp": {
"Description": "Primary private IP for the 2nd WSFC Node located in AZ2",
"Type": "String",
"Default": "10.0.64.100"
},
"WSFCNode2PrivateIp2": {
"Description": "Secondary private IP for WSFC cluster on 2nd WSFC Node",
"Type": "String",
"Default": "10.0.64.101"
},
"WSFCNode2PrivateIp3": {
"Description": "Third private IP for Availability Group Listner on 2nd WSFC Node",
"Type": "String",
"Default": "10.0.64.102"
},
"DomainMemberSGID": {
"Description": "ID of the Domain Member Security Group (e.g., sg-7f16e910)",
"Type": "AWS::EC2::SecurityGroup::Id"
},
"VPC": {
"Description": "ID of the VPC (e.g., vpc-0343606e)",
"Type": "AWS::EC2::VPC::Id"
},
"PrivateSubnet1Id": {
"Description": "ID of the subnet you want to provision the first WSFC node into (e.g., subnet-a0246dcd)",
"Type": "AWS::EC2::Subnet::Id"
},
"PrivateSubnet2Id": {
"Description": "ID of the subnet you want to provision the second WSFC node into (e.g., subnet-e3246d8e)",
"Type": "AWS::EC2::Subnet::Id"
},
"PrivSub1CIDR": {
"Description": "CIDR Block for Private Subnet located in AZ1",
"Type": "String",
"Default": "10.0.0.0/19",
"AllowedPattern": "[a-zA-Z0-9]+\\..+"
},
"PrivSub2CIDR": {
"Description": "CIDR Block for for Private Subnet located in AZ2",
"Type": "String",
"Default": "10.0.64.0/19",
"AllowedPattern": "[a-zA-Z0-9]+\\..+"
},
"SQLServerVersion": {
"Description": "Version of SQL Server to install on WSFC Nodes. Options include either \"2014\" or \"2012\"",
"Type": "String",
"AllowedValues": [
"2014",
"2012"
],
"Default": "2014"
},
"VPCCIDR": {
"Description": "CIDR Block used by the VPC",
"Type": "String",
"Default": "10.0.0.0/16",
"AllowedPattern": "[a-zA-Z0-9]+\\..+"
}
},
"Mappings": {
"AWSAMIRegionMap": {
"AMI": {
"WS2012R2": "Windows_Server-2012-R2_RTM-English-64Bit-Base-2019.07.12"
},
"ap-northeast-1": {
"WS2012R2": "ami-0eee9047b95b1f74c"
},
"ap-northeast-2": {
"WS2012R2": "ami-03e603f10c77a5463"
},
"ap-northeast-3": {
"WS2012R2": "ami-00a2d6fa816579509"
},
"ap-south-1": {
"WS2012R2": "ami-0ed889b4a59795a32"
},
"ap-southeast-1": {
"WS2012R2": "ami-0331be4a84b3b2e75"
},
"ap-southeast-2": {
"WS2012R2": "ami-087682590b598bde5"
},
"ca-central-1": {
"WS2012R2": "ami-05b0f7544383bc098"
},
"eu-central-1": {
"WS2012R2": "ami-02bafaa0e5f273fe6"
},
"eu-west-1": {
"WS2012R2": "ami-0c12af89247c70572"
},
"eu-west-2": {
"WS2012R2": "ami-040d07b284d8ded6b"
},
"eu-west-3": {
"WS2012R2": "ami-098e42db816ef64a8"
},
"sa-east-1": {
"WS2012R2": "ami-0b3e238c9181e2d52"
},
"us-east-1": {
"WS2012R2": "ami-0b7fbf81b6d5e4ac5"
},
"us-east-2": {
"WS2012R2": "ami-002c8e8f81577a96c"
},
"us-west-1": {
"WS2012R2": "ami-073e71ca7a28f7de4"
},
"us-west-2": {
"WS2012R2": "ami-07872c9dbb86b69ed"
}
}
},
"Resources": {
"WSFCNode1WaitCondition": {
"Type": "AWS::CloudFormation::WaitCondition",
"DependsOn": "WSFCNode1",
"Properties": {
"Handle": {
"Ref": "WSFCNode1WaitHandle"
},
"Timeout": "5400"
}
},
"WSFCNode1WaitHandle": {
"Type": "AWS::CloudFormation::WaitConditionHandle"
},
"WSFCNode2WaitCondition": {
"Type": "AWS::CloudFormation::WaitCondition",
"DependsOn": "WSFCNode2",
"Properties": {
"Handle": {
"Ref": "WSFCNode2WaitHandle"
},
"Timeout": "5400"
}
},
"WSFCNode2WaitHandle": {
"Type": "AWS::CloudFormation::WaitConditionHandle"
},
"WSFCNode1": {
"Type": "AWS::EC2::Instance",
"Metadata": {
"AWS::CloudFormation::Init": {
"configSets": {
"config": [
"CFNsetup",
"rename",
"join",
"createSqlAccount",
"installsql",
"finalize"
]
},
"CFNsetup": {
"files": {
"c:\\cfn\\cfn-hup.conf": {
"content": {
"Fn::Join": [
"",
[
"[main]\n",
"stack=",
{
"Ref": "AWS::StackId"
},
"\n",
"region=",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
},
"c:\\cfn\\hooks.d\\cfn-auto-reloader.conf": {
"content": {
"Fn::Join": [
"",
[
"[cfn-auto-reloader-hook]\n",
"triggers=post.update\n",
"path=Resources.WSFCNode1.Metadata.AWS::CloudFormation::Init\n",
"action=cfn-init.exe -v -s ",
{
"Ref": "AWS::StackId"
},
" -r WSFCNode1",
" --region ",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
}
},
"services": {
"windows": {
"cfn-hup": {
"enabled": "true",
"ensureRunning": "true",
"files": [
"c:\\cfn\\cfn-hup.conf",
"c:\\cfn\\hooks.d\\cfn-auto-reloader.conf"
]
}
}
},
"commands": {
"a-set-execution-policy": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -command Set-ExecutionPolicy RemoteSigned -Force"
]
]
},
"waitAfterCompletion": "0"
}
}
},
"rename": {
"commands": {
"1-execute-powershell-script-RenameComputer": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command Rename-Computer -NewName ",
{
"Ref": "WSFCNode1NetBIOSName"
},
" -Restart"
]
]
},
"waitAfterCompletion": "forever"
}
}
},
"join": {
"commands": {
"a-set-dns-servers": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"",
"Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses ",
{
"Ref": "ADServer1PrivateIp"
},
",",
{
"Ref": "ADServer2PrivateIp"
},
"\""
]
]
},
"waitAfterCompletion": "30"
},
"b-join-domain": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe ",
"-Command \"",
"Add-Computer -DomainName ",
{
"Ref": "DomainDNSName"
},
" -Credential ",
"(New-Object System.Management.Automation.PSCredential('",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
"',",
"(ConvertTo-SecureString ",
{
"Ref": "DomainAdminPassword"
},
" -AsPlainText -Force))) ",
"-Restart\""
]
]
},
"waitAfterCompletion": "forever"
}
}
},
"createSqlAccount": {
"commands": {
"1-create-sqlacct": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"Invoke-Command -Scriptblock{ New-ADUser ",
"-Name ",
{
"Ref": "SQLServiceAccount"
},
" ",
"-UserPrincipalName ",
{
"Ref": "SQLServiceAccount"
},
"@",
{
"Ref": "DomainDNSName"
},
" ",
"-AccountPassword (ConvertTo-SecureString ",
{
"Ref": "SQLServiceAccountPassword"
},
" -AsPlainText -Force) ",
"-Enabled $true ",
"-PasswordNeverExpires $true -EA 0} -ComputerName ",
{
"Ref": "ADServerNetBIOSName1"
},
" -Credential ",
"(New-Object System.Management.Automation.PSCredential('",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
"',",
"(ConvertTo-SecureString ",
{
"Ref": "DomainAdminPassword"
},
" -AsPlainText -Force))) ",
"\""
]
]
},
"waitAfterCompletion": "0"
}
}
},
"installsql": {
"files": {
"C:\\cfn\\scripts\\WSFC.ps1": {
"content": {
"Fn::Join": [
"",
[
"Install-WindowsFeature failover-clustering -IncludeManagementTools",
"\n"
]
]
}
},
"c:\\cfn\\scripts\\DownloadSQLEE.ps1": {
"source": "https://s3.amazonaws.com/aws-quickstart/quickstart-microsoft-sql/scripts/DownloadSQLEE-Legacy.ps1"
},
"c:\\cfn\\scripts\\OpenWSFCPorts.bat": {
"source": "https://s3.amazonaws.com/aws-quickstart/quickstart-microsoft-sql/scripts/OpenWSFCPorts.bat"
},
"C:\\cfn\\scripts\\AddUserToGroup.ps1": {
"content": {
"Fn::Join": [
"",
[
"Param(",
"\n",
"[Parameter(Mandatory=$True)]",
"\n",
"[string]$ServerName,",
"\n",
"[Parameter(Mandatory=$True)]",
"\n",
"[string]$GroupName,",
"\n",
"[Parameter(Mandatory=$True)]",
"\n",
"[string]$DomainNetBIOSName,",
"\n",
"[Parameter(Mandatory=$True)]",
"\n",
"[string]$UserName",
"\n",
")",
"$de = [ADSI]\"WinNT://$ServerName/$GroupName,group\"",
"\n",
"$de.psbase.Invoke(\"Add\",([ADSI]\"WinNT://$DomainNetBIOSName/$UserName\").path)",
"\n"
]
]
}
},
"C:\\Users\\Default\\Desktop\\InstallSQLEE.bat": {
"content": {
"Fn::Join": [
"",
[
"powershell.exe -command Install-WindowsFeature NET-Framework-Core",
"\n",
"powershell.exe -command \"dir \\\\",
{
"Ref": "ADServerNetBIOSName1"
},
"\\sqlinstall\\*.iso | Mount-DiskImage\"",
"\n",
"powershell.exe -command \"Get-Volume | ?{$_.DriveType -eq 'CD-ROM'} | select -ExpandProperty DriveLetter\" > %temp%\\driveletter.txt",
"\n",
"SET /p driveletter=<%temp%\\driveletter.txt",
"\n",
"%driveletter%:\\SETUP.EXE ",
"/QS ",
"/Action=Install ",
"/Features=SQLEngine,Replication,FullText,Conn,BOL,ADV_SSMS ",
"/INSTANCENAME=MSSQLSERVER ",
"/SQLSVCACCOUNT=\"",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "SQLServiceAccount"
},
"\" ",
"/SQLSVCPASSWORD=\"",
{
"Ref": "SQLServiceAccountPassword"
},
"\" ",
"/AGTSVCACCOUNT=\"",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "SQLServiceAccount"
},
"\" ",
"/AGTSVCPASSWORD=\"",
{
"Ref": "SQLServiceAccountPassword"
},
"\" ",
"/SQLSYSADMINACCOUNTS=\"",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
"\" ",
"/SQLUSERDBDIR=\"D:\\MSSQL\\DATA\" ",
"/SQLUSERDBLOGDIR=\"E:\\MSSQL\\LOG\" ",
"/SQLBACKUPDIR=\"f:\\MSSQL\\Backup\" ",
"/SQLTEMPDBDIR=\"f:\\MSSQL\\TempDB\" ",
"/SQLTEMPDBLOGDIR=\"f:\\MSSQL\\TempDB\" ",
"/IACCEPTSQLSERVERLICENSETERMS",
"\n",
"C:\\PROGRA~1\\MICROS~1\\CLIENT~1\\ODBC\\110\\Tools\\Binn\\SQLCMD.EXE -i c:\\cfn\\scripts\\MaxDOP.sql"
]
]
}
},
"c:\\cfn\\scripts\\MaxDOP.sql": {
"source": "https://s3.amazonaws.com/aws-quickstart/quickstart-microsoft-sql/scripts/MaxDOP.sql"
}
},
"commands": {
"a-execute-powershell-script-WSFC": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe ",
"-ExecutionPolicy",
" RemoteSigned",
" C:\\cfn\\scripts\\WSFC.ps1"
]
]
},
"waitAfterCompletion": "0"
},
"b-create-folder": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"",
"Invoke-Command -ScriptBlock {New-Item -ItemType directory -Path c:\\ -Name sqlinstall} -ComputerName ",
{
"Ref": "ADServerNetBIOSName1"
},
" -Credential ",
"(New-Object System.Management.Automation.PSCredential('",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
"',",
"(ConvertTo-SecureString ",
{
"Ref": "DomainAdminPassword"
},
" -AsPlainText -Force))) ",
"\""
]
]
},
"waitAfterCompletion": "0"
},
"c-create-share": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"",
"Invoke-Command -ScriptBlock { New-SmbShare -Name sqlinstall -Path c:\\sqlinstall -FullAccess everyone } -ComputerName ",
{
"Ref": "ADServerNetBIOSName1"
},
" -Credential ",
"(New-Object System.Management.Automation.PSCredential('",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
"',",
"(ConvertTo-SecureString ",
{
"Ref": "DomainAdminPassword"
},
" -AsPlainText -Force))) ",
"\""
]
]
},
"waitAfterCompletion": "0"
},
"d-execute-powershell-DownloadSQLEE": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe ",
"-ExecutionPolicy",
" RemoteSigned",
" C:\\cfn\\scripts\\DownloadSQLEE.ps1 -SQLServerVersion ",
{
"Ref": "SQLServerVersion"
},
" -DestServer ",
{
"Ref": "ADServerNetBIOSName1"
},
" -DestShare sqlinstall"
]
]
},
"waitAfterCompletion": "0"
},
"e-open-WSFC-ports": {
"command": "C:\\cfn\\scripts\\OpenWSFCPorts.bat"
},
"f-execute-powershell-script-AddUserToGroup": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe ",
"-ExecutionPolicy",
" RemoteSigned",
" C:\\cfn\\scripts\\AddUserToGroup.ps1 -UserName ",
{
"Ref": "DomainAdminUser"
},
" -ServerName ",
{
"Ref": "WSFCNode1NetBIOSName"
},
" -DomainNetBIOSName ",
{
"Ref": "DomainNetBIOSName"
},
" -GroupName \"Administrators\"",
"\n"
]
]
},
"waitAfterCompletion": "0"
},
"g-execute-powershell-script-AddUserToGroup": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe ",
"-ExecutionPolicy",
" RemoteSigned",
" C:\\cfn\\scripts\\AddUserToGroup.ps1 -UserName ",
{
"Ref": "SQLServiceAccount"
},
" -ServerName ",
{
"Ref": "WSFCNode1NetBIOSName"
},
" -DomainNetBIOSName ",
{
"Ref": "DomainNetBIOSName"
},
" -GroupName \"Administrators\"",
"\n"
]
]
},
"waitAfterCompletion": "0"
},
"h-enable-autologon": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"New-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon' -Name AutoAdminLogon -Value 1",
";",
"New-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon' -Name DefaultUserName -Value ",
{
"Ref": "DomainAdminUser"
},
"@",
{
"Ref": "DomainDNSName"
},
" | out-null",
";",
"New-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon' -Name DefaultPassword -Value ",
{
"Ref": "DomainAdminPassword"
},
"\""
]
]
},
"waitAfterCompletion": "0"
},
"i-set-startup-script": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"New-ItemProperty -Path HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce -Name InstallSQL -Value C:\\Users\\Default\\Desktop\\InstallSQLEE.bat",
"\""
]
]
},
"waitAfterCompletion": "0"
},
"j-reboot": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command Restart-Computer -Force"
]
]
},
"waitAfterCompletion": "forever"
},
"k-force-ad-replication": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"Invoke-Command -Scriptblock{ repadmin /syncall /A /e /P } -ComputerName ",
{
"Ref": "ADServerNetBIOSName1"
},
" -Credential ",
"(New-Object System.Management.Automation.PSCredential('",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
"',",
"(ConvertTo-SecureString ",
{
"Ref": "DomainAdminPassword"
},
" -AsPlainText -Force))) ",
"\""
]
]
},
"waitAfterCompletion": "0"
},
"l-cleanup-registry": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"Remove-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon' -Name AutoAdminLogon",
";",
"Remove-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon' -Name DefaultUserName",
";",
"Remove-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon' -Name DefaultPassword",
"\""
]
]
},
"waitAfterCompletion": "900"
}
}
},
"finalize": {
"commands": {
"1-signal-success": {
"command": {
"Fn::Join": [
"",
[
"cfn-signal.exe -e 0 \"",
{
"Ref": "WSFCNode1WaitHandle"
},
"\""
]
]
}
}
}
}
}
},
"Properties": {
"ImageId": {
"Fn::FindInMap": [
"AWSAMIRegionMap",
{
"Ref": "AWS::Region"
},
"WS2012R2"
]
},
"InstanceType": {
"Ref": "WSFCNode1InstanceType"
},
"EbsOptimized": "true",
"NetworkInterfaces": [
{
"DeleteOnTermination": "true",
"DeviceIndex": 0,
"SubnetId": {
"Ref": "PrivateSubnet1Id"
},
"PrivateIpAddresses": [
{
"Primary": "true",
"PrivateIpAddress": {
"Ref": "WSFCNode1PrivateIp"
}
},
{
"Primary": "false",
"PrivateIpAddress": {
"Ref": "WSFCNode1PrivateIp2"
}
},
{
"Primary": "false",
"PrivateIpAddress": {
"Ref": "WSFCNode1PrivateIp3"
}
}
],
"GroupSet": [
{
"Ref": "DomainMemberSGID"
},
{
"Ref": "WSFCSecurityGroup"
},
{
"Ref": "WSFCClientSecurityGroup"
}
]
}
],
"Tags": [
{
"Key": "Name",
"Value": {
"Ref": "WSFCNode1NetBIOSName"
}
}
],
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": "100",
"VolumeType": "gp2"
}
},
{
"DeviceName": "/dev/xvdca",
"VirtualName": "ephemeral0"
}
],
"Volumes": [
{
"VolumeId": {
"Ref": "WSFCNode1Volume1"
},
"Device": "/dev/xvdb"
},
{
"VolumeId": {
"Ref": "WSFCNode1Volume2"
},
"Device": "/dev/xvdc"
},
{
"VolumeId": {
"Ref": "WSFCNode1Volume3"
},
"Device": "/dev/xvdd"
}
],
"KeyName": {
"Ref": "KeyPairName"
},
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
""
]
]
}
}
}
},
"WSFCNode2": {
"Type": "AWS::EC2::Instance",
"DependsOn": "WSFCNode1WaitCondition",
"Metadata": {
"AWS::CloudFormation::Init": {
"configSets": {
"config": [
"CFNsetup",
"rename",
"join",
"installsql",
"configsql",
"finalize"
]
},
"CFNsetup": {
"files": {
"c:\\cfn\\cfn-hup.conf": {
"content": {
"Fn::Join": [
"",
[
"[main]\n",
"stack=",
{
"Ref": "AWS::StackId"
},
"\n",
"region=",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
},
"c:\\cfn\\hooks.d\\cfn-auto-reloader.conf": {
"content": {
"Fn::Join": [
"",
[
"[cfn-auto-reloader-hook]\n",
"triggers=post.update\n",
"path=Resources.WSFCNode2.Metadata.AWS::CloudFormation::Init\n",
"action=cfn-init.exe -v -s ",
{
"Ref": "AWS::StackId"
},
" -r WSFCNode2",
" --region ",
{
"Ref": "AWS::Region"
},
"\n"
]
]
}
},
"c:\\cfn\\scripts\\MaxDOP.sql": {
"source": "https://s3.amazonaws.com/aws-quickstart/quickstart-microsoft-sql/scripts/MaxDOP.sql"
}
},
"services": {
"windows": {
"cfn-hup": {
"enabled": "true",
"ensureRunning": "true",
"files": [
"c:\\cfn\\cfn-hup.conf",
"c:\\cfn\\hooks.d\\cfn-auto-reloader.conf"
]
}
}
},
"commands": {
"a-set-execution-policy": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -command Set-ExecutionPolicy RemoteSigned -Force"
]
]
},
"waitAfterCompletion": "0"
}
}
},
"rename": {
"commands": {
"1-execute-powershell-script-RenameComputer": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command Rename-Computer -NewName ",
{
"Ref": "WSFCNode2NetBIOSName"
},
" -Restart"
]
]
},
"waitAfterCompletion": "forever"
}
}
},
"join": {
"commands": {
"a-set-dns-servers": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"",
"Get-NetAdapter | Set-DnsClientServerAddress -ServerAddresses ",
{
"Ref": "ADServer2PrivateIp"
},
",",
{
"Ref": "ADServer1PrivateIp"
},
"\""
]
]
},
"waitAfterCompletion": "30"
},
"b-join-domain": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe ",
"-Command \"",
"Add-Computer -DomainName ",
{
"Ref": "DomainDNSName"
},
" -Credential ",
"(New-Object System.Management.Automation.PSCredential('",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
"',",
"(ConvertTo-SecureString ",
{
"Ref": "DomainAdminPassword"
},
" -AsPlainText -Force))) ",
"-Restart\""
]
]
},
"waitAfterCompletion": "forever"
}
}
},
"installsql": {
"files": {
"C:\\cfn\\scripts\\WSFC.ps1": {
"content": {
"Fn::Join": [
"",
[
"Install-WindowsFeature failover-clustering -IncludeManagementTools",
"\n"
]
]
}
},
"c:\\cfn\\scripts\\OpenWSFCPorts.bat": {
"source": "https://s3.amazonaws.com/aws-quickstart/quickstart-microsoft-sql/scripts/OpenWSFCPorts.bat"
},
"C:\\cfn\\scripts\\AddUserToGroup.ps1": {
"content": {
"Fn::Join": [
"",
[
"Param(",
"\n",
"[Parameter(Mandatory=$True)]",
"\n",
"[string]$ServerName,",
"\n",
"[Parameter(Mandatory=$True)]",
"\n",
"[string]$GroupName,",
"\n",
"[Parameter(Mandatory=$True)]",
"\n",
"[string]$DomainNetBIOSName,",
"\n",
"[Parameter(Mandatory=$True)]",
"\n",
"[string]$UserName",
"\n",
")",
"$de = [ADSI]\"WinNT://$ServerName/$GroupName,group\"",
"\n",
"$de.psbase.Invoke(\"Add\",([ADSI]\"WinNT://$DomainNetBIOSName/$UserName\").path)",
"\n"
]
]
}
},
"C:\\Users\\Default\\Desktop\\InstallSQLEE.bat": {
"content": {
"Fn::Join": [
"",
[
"powershell.exe -command Install-WindowsFeature NET-Framework-Core",
"\n",
"powershell.exe -command \"dir \\\\",
{
"Ref": "ADServerNetBIOSName1"
},
"\\sqlinstall\\*.iso | Mount-DiskImage\"",
"\n",
"powershell.exe -command \"Get-Volume | ?{$_.DriveType -eq 'CD-ROM'} | select -ExpandProperty DriveLetter\" > %temp%\\driveletter.txt",
"\n",
"SET /p driveletter=<%temp%\\driveletter.txt",
"\n",
"%driveletter%:\\SETUP.EXE ",
"/QS ",
"/Action=Install ",
"/Features=SQLEngine,Replication,FullText,Conn,BOL,ADV_SSMS ",
"/INSTANCENAME=MSSQLSERVER ",
"/SQLSVCACCOUNT=\"",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "SQLServiceAccount"
},
"\" ",
"/SQLSVCPASSWORD=\"",
{
"Ref": "SQLServiceAccountPassword"
},
"\" ",
"/AGTSVCACCOUNT=\"",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "SQLServiceAccount"
},
"\" ",
"/AGTSVCPASSWORD=\"",
{
"Ref": "SQLServiceAccountPassword"
},
"\" ",
"/SQLSYSADMINACCOUNTS=\"",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
"\" ",
"/SQLUSERDBDIR=\"D:\\MSSQL\\DATA\" ",
"/SQLUSERDBLOGDIR=\"E:\\MSSQL\\LOG\" ",
"/SQLBACKUPDIR=\"f:\\MSSQL\\Backup\" ",
"/SQLTEMPDBDIR=\"f:\\MSSQL\\TempDB\" ",
"/SQLTEMPDBLOGDIR=\"f:\\MSSQL\\TempDB\" ",
"/IACCEPTSQLSERVERLICENSETERMS",
"\n",
"C:\\PROGRA~1\\MICROS~1\\CLIENT~1\\ODBC\\110\\Tools\\Binn\\SQLCMD.EXE -i c:\\cfn\\scripts\\MaxDOP.sql"
]
]
}
}
},
"commands": {
"a-execute-powershell-script-WSFC": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe ",
"-ExecutionPolicy",
" RemoteSigned",
" C:\\cfn\\scripts\\WSFC.ps1"
]
]
},
"waitAfterCompletion": "0"
},
"b-open-WSFC-ports": {
"command": "C:\\cfn\\scripts\\OpenWSFCPorts.bat"
},
"c-execute-powershell-script-AddUserToGroup": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe ",
"-ExecutionPolicy",
" RemoteSigned",
" C:\\cfn\\scripts\\AddUserToGroup.ps1 -UserName ",
{
"Ref": "SQLServiceAccount"
},
" -ServerName ",
{
"Ref": "WSFCNode2NetBIOSName"
},
" -DomainNetBIOSName ",
{
"Ref": "DomainNetBIOSName"
},
" -GroupName \"Administrators\"",
"\n"
]
]
},
"waitAfterCompletion": "0"
},
"d-enable-autologon": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"New-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon' -Name AutoAdminLogon -Value 1",
";",
"New-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon' -Name DefaultUserName -Value ",
{
"Ref": "DomainAdminUser"
},
"@",
{
"Ref": "DomainDNSName"
},
";",
"New-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon' -Name DefaultPassword -Value ",
{
"Ref": "DomainAdminPassword"
},
"\""
]
]
},
"waitAfterCompletion": "0"
},
"e-set-startup-script": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"New-ItemProperty -Path HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce -Name InstallSQL -Value C:\\Users\\Default\\Desktop\\InstallSQLEE.bat",
"\""
]
]
},
"waitAfterCompletion": "0"
},
"f-reboot": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command Restart-Computer -Force"
]
]
},
"waitAfterCompletion": "forever"
}
}
},
"configsql": {
"files": {
"c:\\cfn\\scripts\\InstallWsfc.ps1": {
"content": {
"Fn::Join": [
"",
[
"New-Cluster -Name WSFCluster1 -Node ",
{
"Ref": "WSFCNode1NetBIOSName"
},
",",
{
"Ref": "WSFCNode2NetBIOSName"
},
" -StaticAddress ",
{
"Ref": "WSFCNode1PrivateIp2"
},
",",
{
"Ref": "WSFCNode2PrivateIp2"
},
"\n"
]
]
}
}
},
"commands": {
"a-set-startup-script": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"New-ItemProperty -Path HKLM:\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\RunOnce -Name InstallWSFC -Value 'powershell.exe -ExecutionPolicy RemoteSigned -Command c:\\cfn\\scripts\\InstallWsfc.ps1'",
"\""
]
]
},
"waitAfterCompletion": "1500"
},
"b-reboot": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command Restart-Computer -Force"
]
]
},
"waitAfterCompletion": "forever"
},
"c-force-ad-replication": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"Invoke-Command -Scriptblock{ repadmin /syncall /A /e /P } -ComputerName ",
{
"Ref": "ADServerNetBIOSName2"
},
" -Credential ",
"(New-Object System.Management.Automation.PSCredential('",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
"',",
"(ConvertTo-SecureString ",
{
"Ref": "DomainAdminPassword"
},
" -AsPlainText -Force))) ",
"\""
]
]
},
"waitAfterCompletion": "300"
},
"d-create-folder": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"",
"Invoke-Command -ScriptBlock {New-Item -ItemType directory -Path c:\\ -Name witness} -ComputerName ",
{
"Ref": "ADServerNetBIOSName1"
},
" -Credential ",
"(New-Object System.Management.Automation.PSCredential('",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
"',",
"(ConvertTo-SecureString ",
{
"Ref": "DomainAdminPassword"
},
" -AsPlainText -Force))) ",
"\""
]
]
},
"waitAfterCompletion": "0"
},
"e-create-folder2": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"",
"Invoke-Command -ScriptBlock {New-Item -ItemType directory -Path c:\\ -Name replica} -ComputerName ",
{
"Ref": "ADServerNetBIOSName1"
},
" -Credential ",
"(New-Object System.Management.Automation.PSCredential('",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
"',",
"(ConvertTo-SecureString ",
{
"Ref": "DomainAdminPassword"
},
" -AsPlainText -Force))) ",
"\""
]
]
},
"waitAfterCompletion": "0"
},
"f-create-share": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"",
"Invoke-Command -ScriptBlock { New-SmbShare -Name witness -Path c:\\witness -FullAccess everyone } -ComputerName ",
{
"Ref": "ADServerNetBIOSName1"
},
" -Credential ",
"(New-Object System.Management.Automation.PSCredential('",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
"',",
"(ConvertTo-SecureString ",
{
"Ref": "DomainAdminPassword"
},
" -AsPlainText -Force))) ",
"\""
]
]
},
"waitAfterCompletion": "0"
},
"g-create-share2": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"",
"Invoke-Command -ScriptBlock { New-SmbShare -Name replica -Path c:\\replica -FullAccess everyone } -ComputerName ",
{
"Ref": "ADServerNetBIOSName1"
},
" -Credential ",
"(New-Object System.Management.Automation.PSCredential('",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
"',",
"(ConvertTo-SecureString ",
{
"Ref": "DomainAdminPassword"
},
" -AsPlainText -Force))) ",
"\""
]
]
},
"waitAfterCompletion": "0"
},
"h-set-share-permissions": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"",
"Invoke-Command -ScriptBlock {",
" $acl = Get-Acl c:\\witness;",
" $rule = New-Object System.Security.AccessControl.FileSystemAccessRule('",
{
"Ref": "DomainNetBIOSName"
},
"\\WSFCluster1$','FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow');",
" $acl.AddAccessRule($rule);",
" Set-Acl c:\\witness $acl",
"} -ComputerName ",
{
"Ref": "ADServerNetBIOSName1"
},
" -Credential ",
"(New-Object System.Management.Automation.PSCredential('",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
"',",
"(ConvertTo-SecureString ",
{
"Ref": "DomainAdminPassword"
},
" -AsPlainText -Force))) ",
"\""
]
]
},
"waitAfterCompletion": "0"
},
"i-set-share-permissions2": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"",
"Invoke-Command -ScriptBlock {",
" $acl = Get-Acl c:\\replica;",
" $rule = New-Object System.Security.AccessControl.FileSystemAccessRule('",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "SQLServiceAccount"
},
"','FullControl', 'ContainerInherit, ObjectInherit', 'None', 'Allow');",
" $acl.AddAccessRule($rule);",
" Set-Acl c:\\replica $acl",
"} -ComputerName ",
{
"Ref": "ADServerNetBIOSName1"
},
" -Credential ",
"(New-Object System.Management.Automation.PSCredential('",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
"',",
"(ConvertTo-SecureString ",
{
"Ref": "DomainAdminPassword"
},
" -AsPlainText -Force))) ",
"\""
]
]
},
"waitAfterCompletion": "0"
},
"j-set-wsfc-cluster-quorum": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"Invoke-Command -Scriptblock{ ",
"Set-ClusterQuorum -NodeAndFileShareMajority \\\\",
{
"Ref": "ADServerNetBIOSName1"
},
"\\witness",
" } -ComputerName ",
{
"Ref": "WSFCNode2NetBIOSName"
},
" -Credential ",
"(New-Object System.Management.Automation.PSCredential('",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
"',",
"(ConvertTo-SecureString ",
{
"Ref": "DomainAdminPassword"
},
" -AsPlainText -Force))) ",
"\""
]
]
},
"waitAfterCompletion": "0"
},
"k-enable-always-on-node1": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"",
"Invoke-Command -ScriptBlock {Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned;Enable-SqlAlwaysOn -ServerInstance ",
{
"Ref": "WSFCNode1NetBIOSName"
},
" -Force} -ComputerName ",
{
"Ref": "WSFCNode1NetBIOSName"
},
" -Credential ",
"(New-Object System.Management.Automation.PSCredential('",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
"',",
"(ConvertTo-SecureString ",
{
"Ref": "DomainAdminPassword"
},
" -AsPlainText -Force))) ",
"\""
]
]
},
"waitAfterCompletion": "0"
},
"l-enable-always-on-node2": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"Invoke-Command -Scriptblock{ ",
"Set-ExecutionPolicy -Scope Process -ExecutionPolicy RemoteSigned;Enable-SqlAlwaysOn -ServerInstance ",
{
"Ref": "WSFCNode2NetBIOSName"
},
" -Force",
" } -ComputerName ",
{
"Ref": "WSFCNode2NetBIOSName"
},
" -Credential ",
"(New-Object System.Management.Automation.PSCredential('",
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
},
"',",
"(ConvertTo-SecureString ",
{
"Ref": "DomainAdminPassword"
},
" -AsPlainText -Force))) ",
"\""
]
]
},
"waitAfterCompletion": "0"
}
}
},
"finalize": {
"commands": {
"a-cleanup-registry": {
"command": {
"Fn::Join": [
"",
[
"powershell.exe -Command ",
"\"Remove-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon' -Name AutoAdminLogon",
";",
"Remove-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon' -Name DefaultUserName",
";",
"Remove-ItemProperty -Path 'HKLM:\\SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Winlogon' -Name DefaultPassword",
"\""
]
]
},
"waitAfterCompletion": "0"
},
"b-signal-success": {
"command": {
"Fn::Join": [
"",
[
"cfn-signal.exe -e 0 \"",
{
"Ref": "WSFCNode2WaitHandle"
},
"\""
]
]
}
}
}
}
}
},
"Properties": {
"ImageId": {
"Fn::FindInMap": [
"AWSAMIRegionMap",
{
"Ref": "AWS::Region"
},
"WS2012R2"
]
},
"InstanceType": {
"Ref": "WSFCNode2InstanceType"
},
"EbsOptimized": "true",
"NetworkInterfaces": [
{
"DeleteOnTermination": "true",
"DeviceIndex": 0,
"SubnetId": {
"Ref": "PrivateSubnet2Id"
},
"PrivateIpAddresses": [
{
"Primary": "true",
"PrivateIpAddress": {
"Ref": "WSFCNode2PrivateIp"
}
},
{
"Primary": "false",
"PrivateIpAddress": {
"Ref": "WSFCNode2PrivateIp2"
}
},
{
"Primary": "false",
"PrivateIpAddress": {
"Ref": "WSFCNode2PrivateIp3"
}
}
],
"GroupSet": [
{
"Ref": "DomainMemberSGID"
},
{
"Ref": "WSFCSecurityGroup"
},
{
"Ref": "WSFCClientSecurityGroup"
}
]
}
],
"Tags": [
{
"Key": "Name",
"Value": {
"Ref": "WSFCNode2NetBIOSName"
}
}
],
"BlockDeviceMappings": [
{
"DeviceName": "/dev/sda1",
"Ebs": {
"VolumeSize": "100",
"VolumeType": "gp2"
}
},
{
"DeviceName": "/dev/xvdca",
"VirtualName": "ephemeral0"
}
],
"Volumes": [
{
"VolumeId": {
"Ref": "WSFCNode2Volume1"
},
"Device": "/dev/xvdb"
},
{
"VolumeId": {
"Ref": "WSFCNode2Volume2"
},
"Device": "/dev/xvdc"
},
{
"VolumeId": {
"Ref": "WSFCNode2Volume3"
},
"Device": "/dev/xvdd"
}
],
"KeyName": {
"Ref": "KeyPairName"
},
"UserData": {
"Fn::Base64": {
"Fn::Join": [
"",
[
""
]
]
}
}
}
},
"WSFCNode1Volume1": {
"Type": "AWS::EC2::Volume",
"Properties": {
"Size": "500",
"VolumeType": "gp2",
"AvailabilityZone": {
"Fn::Select": [
0,
{
"Fn::GetAZs": ""
}
]
}
}
},
"WSFCNode1Volume2": {
"Type": "AWS::EC2::Volume",
"Properties": {
"Size": "500",
"VolumeType": "gp2",
"AvailabilityZone": {
"Fn::Select": [
0,
{
"Fn::GetAZs": ""
}
]
}
}
},
"WSFCNode1Volume3": {
"Type": "AWS::EC2::Volume",
"Properties": {
"Size": "500",
"VolumeType": "gp2",
"AvailabilityZone": {
"Fn::Select": [
0,
{
"Fn::GetAZs": ""
}
]
}
}
},
"WSFCNode2Volume1": {
"Type": "AWS::EC2::Volume",
"Properties": {
"Size": "500",
"VolumeType": "gp2",
"AvailabilityZone": {
"Fn::Select": [
1,
{
"Fn::GetAZs": ""
}
]
}
}
},
"WSFCNode2Volume2": {
"Type": "AWS::EC2::Volume",
"Properties": {
"Size": "500",
"VolumeType": "gp2",
"AvailabilityZone": {
"Fn::Select": [
1,
{
"Fn::GetAZs": ""
}
]
}
}
},
"WSFCNode2Volume3": {
"Type": "AWS::EC2::Volume",
"Properties": {
"Size": "500",
"VolumeType": "gp2",
"AvailabilityZone": {
"Fn::Select": [
1,
{
"Fn::GetAZs": ""
}
]
}
}
},
"WSFCSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enable the WSFC and SQL AlwaysOn Availability Group communications",
"VpcId": {
"Ref": "VPC"
},
"SecurityGroupIngress": [
{
"IpProtocol": "icmp",
"FromPort": "-1",
"ToPort": "-1",
"CidrIp": {
"Ref": "PrivSub1CIDR"
}
},
{
"IpProtocol": "icmp",
"FromPort": "-1",
"ToPort": "-1",
"CidrIp": {
"Ref": "PrivSub2CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "135",
"ToPort": "135",
"CidrIp": {
"Ref": "PrivSub1CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "135",
"ToPort": "135",
"CidrIp": {
"Ref": "PrivSub2CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "137",
"ToPort": "137",
"CidrIp": {
"Ref": "PrivSub1CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "137",
"ToPort": "137",
"CidrIp": {
"Ref": "PrivSub2CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "445",
"ToPort": "445",
"CidrIp": {
"Ref": "PrivSub1CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "445",
"ToPort": "445",
"CidrIp": {
"Ref": "PrivSub2CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "1433",
"ToPort": "1433",
"CidrIp": {
"Ref": "PrivSub1CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "1433",
"ToPort": "1433",
"CidrIp": {
"Ref": "PrivSub2CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "3343",
"ToPort": "3343",
"CidrIp": {
"Ref": "PrivSub1CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "3343",
"ToPort": "3343",
"CidrIp": {
"Ref": "PrivSub2CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "5022",
"ToPort": "5022",
"CidrIp": {
"Ref": "PrivSub1CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "5022",
"ToPort": "5022",
"CidrIp": {
"Ref": "PrivSub2CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "5985",
"ToPort": "5985",
"CidrIp": {
"Ref": "PrivSub1CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "5985",
"ToPort": "5985",
"CidrIp": {
"Ref": "PrivSub2CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "49152",
"ToPort": "65535",
"CidrIp": {
"Ref": "PrivSub1CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "49152",
"ToPort": "65535",
"CidrIp": {
"Ref": "PrivSub2CIDR"
}
},
{
"IpProtocol": "udp",
"FromPort": "137",
"ToPort": "137",
"CidrIp": {
"Ref": "PrivSub1CIDR"
}
},
{
"IpProtocol": "udp",
"FromPort": "137",
"ToPort": "137",
"CidrIp": {
"Ref": "PrivSub2CIDR"
}
},
{
"IpProtocol": "udp",
"FromPort": "3343",
"ToPort": "3343",
"CidrIp": {
"Ref": "PrivSub1CIDR"
}
},
{
"IpProtocol": "udp",
"FromPort": "3343",
"ToPort": "3343",
"CidrIp": {
"Ref": "PrivSub2CIDR"
}
},
{
"IpProtocol": "udp",
"FromPort": "49152",
"ToPort": "65535",
"CidrIp": {
"Ref": "PrivSub1CIDR"
}
},
{
"IpProtocol": "udp",
"FromPort": "49152",
"ToPort": "65535",
"CidrIp": {
"Ref": "PrivSub2CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "1433",
"ToPort": "1434",
"CidrIp": {
"Ref": "PrivSub1CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "1433",
"ToPort": "1434",
"CidrIp": {
"Ref": "PrivSub2CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "1433",
"ToPort": "1434",
"CidrIp": {
"Ref": "PrivSub1CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "1433",
"ToPort": "1434",
"CidrIp": {
"Ref": "PrivSub2CIDR"
}
}
]
}
},
"WSFCClientSecurityGroup": {
"Type": "AWS::EC2::SecurityGroup",
"Properties": {
"GroupDescription": "Enable SQL Client Connections from instances inside the VPC",
"VpcId": {
"Ref": "VPC"
},
"SecurityGroupIngress": [
{
"IpProtocol": "tcp",
"FromPort": "1433",
"ToPort": "1433",
"CidrIp": {
"Ref": "PrivSub1CIDR"
}
},
{
"IpProtocol": "tcp",
"FromPort": "1433",
"ToPort": "1433",
"CidrIp": {
"Ref": "PrivSub2CIDR"
}
}
]
}
}
},
"Outputs": {
"DomainAdmin": {
"Value": {
"Fn::Join": [
"",
[
{
"Ref": "DomainNetBIOSName"
},
"\\",
{
"Ref": "DomainAdminUser"
}
]
]
},
"Description": "Domain administrator account"
},
"LocalAdmin": {
"Value": "Administrator",
"Description": "Please retrieve Administrator password of the instance"
},
"WSFCNode1NetBIOSName": {
"Value": {
"Ref": "WSFCNode1NetBIOSName"
},
"Description": "NetBIOS name of the 1st WSFC Node"
},
"WSFCNode2NetBIOSName": {
"Value": {
"Ref": "WSFCNode2NetBIOSName"
},
"Description": "NetBIOS name of the 2nd WSFC Node"
}
}
}